A way to mess up recovery mode logins! Comments please?

neil woolford lists at neilwoolford.plus.com
Fri Jan 13 18:19:41 UTC 2006


First of all, follow the instructions on the RootSudo wiki page to
temporarily set a root password, then follow the instructions to disable
that password.

so;

sudo passwd root

then;

sudo passwd -l root

Now try rebooting into recovery mode.  You will be asked for a root
password, but even if you give it, you won't be able to log in as it has
been disabled and the root account is now locked.  (Time to break out
the Damn Small Linux disc when it happened to me!)

Why does this happen?

As far as I know, it is for the following reason:  the recovery mode
boot has been patched in Ubuntu to allow passwordless login as root,
provided that the root password in /etc/shadow is set to the special
(default) value of the * character alone.  However, setting a password
places an encrypted value in this field, and locking it merely prepends
a ! character to this value, (allowing the password to be reactivated by
removing the !, without knowledge of the original password).

The immediate workaround is to manually edit the /etc/shadow file to
restore the root password field to the * character alone.

Unless others can see a reason not to do so, I intend to add this
information to the wiki.  I'm also considering a bug report as it
*might* be worth amending the patch to the recovery mode boot, to allow
the same behaviour for a locked root password as currently exists for a
null one.

Comments please...

Neil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060113/d9681709/attachment.pgp>


More information about the ubuntu-users mailing list